2v2.io ESP Radar + Aimbota été signalé 01/06/2026 pour Malware
Reason for Report: Malicious/Malware script / Credential harvesting / Spyware (Disguised as a game cheat)
Detailed Description:
This script is a sophisticated credential harvester disguised as an "ESP Radar & Aimbot" cheat for 2v2.io. While it renders a functional UI menu, its primary purpose is to silently hijack account access tokens and send them to a malicious remote database.
Technical Breakdown of Malicious Activity:
Storage Harvesting: In getTokenFromStorage(), the script actively loops through standard authentication keys (including jwt, session, access_token, and bearer) across both localStorage and sessionStorage to grab cached session tokens immediately upon loading.
API Hooking / Interception: Inside initBackgroundServices(), the script injects an anonymous function to override native window.fetch and XMLHttpRequest.prototype.setRequestHeader. It dynamically filters for out-going requests containing the word 2v2.io/api and extracts the user's hidden "Authorization: Bearer " token.
Data Exfiltration: In the reportSession() function, the script uses GM_xmlhttpRequest to bypass the browser's cross-origin restrictions. It bundles the hijacked authentication token into a JSON payload and secretly posts it to the identical malicious relay address used by this developer: [https://data-relay.rlssepic13950.workers.dev](https://data-relay.rlssepic13950.workers.dev) (with the validation key v2v2-relay-2026).
This is a severe, deliberate breach of GreasyFork security guidelines regarding spyware and credential stealing. Please remove this script and ban the author's account completely to protect game players from being compromised.
imsoknownBanni(l'utilisateur signalé) a effectué:
signalerCe rapport a été approuver par un modérateur.